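<?php
	/**
	* @package ParkFind
	* @desc This is the comment script php file. This script will get the comment information and display it.
	*		This script also contains the checks for the deleting button to delete user's only created document.
	*
	*		Inputs:  $_POST["comment"] and $_POST["rating"] (new comment / rating for a park),
	*		         $_GET["id"] (the park), $_GET["del"] (id of the comment to delete).
	*		Output:  a Location header back to parkdetails.php carrying one
	*		         "&commrec|ratingrec|delrec=success|failed" flag per action performed.
	*
	*		NOTE(review): the mysql_* extension was removed in PHP 7. This file and the two includes
	*		should move to PDO/mysqli with prepared statements; escaping plus string concatenation is
	*		kept here only because the includes still hand back a mysql connection resource.
	*		NOTE(review): none of the three actions is protected by a CSRF token, and deletion is
	*		triggered by a plain GET parameter. A session-bound token check is the missing defence;
	*		confirm how the forms submit before adding it.
	*/
	
	// Direct calling check
	if (!isset($_POST["comment"]) && !isset($_POST["rating"]) && !isset($_GET["del"]))
		die("Do not call this page directly");
	
	session_start();
	
	/**
	* @desc This include file will load the functions that are required to call 
	*		from the database
	*/
	require 'includes/db_functions.inc';
	/**
	* @desc This include file connects to the database.
	*/
	require 'includes/connect.inc';
	
	// Query-string flags appended to the redirect. Start empty so the
	// concatenations below never touch an undefined variable.
	$status = "";

	// Session identity. Missing keys become null so the ownership check below
	// can never match by accident and no notices are raised.
	// NOTE(review): assumes a logged-in session; confirm addComment()/addRating()
	// reject a null user_id rather than storing an anonymous row.
	$user_id = isset($_SESSION["user_id"]) ? $_SESSION["user_id"] : null;
	$role = isset($_SESSION["role"]) ? $_SESSION["role"] : null;

	// Store variables, escape them as well. Missing keys fall back to "" so the
	// script runs notice-free whichever of the three actions triggered it.
	$comment = mysql_real_escape_string(isset($_POST["comment"]) ? $_POST["comment"] : "", $connection);
	$comment = htmlentities($comment); // stored HTML-encoded; the display side must not encode again
	$rating = mysql_real_escape_string(isset($_POST["rating"]) ? $_POST["rating"] : "", $connection);
	$park_id = mysql_real_escape_string(isset($_GET["id"]) ? $_GET["id"] : "", $connection);
	// comment_id is compared UNQUOTED in the SQL below, where string escaping
	// gives no protection at all; an int cast is the only safe form for that
	// context (a non-numeric value becomes 0 and the delete branch is skipped).
	$comment_id = (int) (isset($_GET["del"]) ? $_GET["del"] : 0);

	
	if ($comment) // For a comment
	{		
		$result = addComment($user_id, $park_id, $comment);

		// Add comment
		if ($result == TRUE)
			$status .= "&commrec=success";
		else		
			$status .= "&commrec=failed";
	}
	
	
	if ($rating) // For rating
	{	
		$result = addRating($user_id, $park_id, $rating);
		
		// Add Rating
		if ($result == TRUE)
			$status .= "&ratingrec=success";
		else 
			$status .= "&ratingrec=failed";
	}
	
	
	if ($comment_id) // For deleting a comment
	{
		// Get that comment's owner. $comment_id is an int (see above), so it
		// is safe to place it unquoted here.
		$query = "SELECT comment_id, user_id"
		. " FROM comments WHERE comment_id = " . $comment_id;
		
		// Run query to get comment info
		if (!$result = mysql_query($query, $connection))
			die("Comment Query Failed");

		// If a comment was found with that id
		if (mysql_num_rows($result) > 0)
		{
			$row = mysql_fetch_array($result);
			
			// Only the owner or an admin may delete it. The role check is
			// strict: a loose "== 'admin'" would match a non-string role value.
			if ($row["user_id"] == $user_id || $role === "admin")
			{
				// ...If it does then delete it
				$comresult = deleteComment($comment_id);
				
				// Delete Comment
				if ($comresult == TRUE)
					$status .= "&delrec=success";
				else 
					$status .= "&delrec=failed";
			}
			else
				// Somebody else's comment: refuse and report it like any other failure
				$status .= "&delrec=failed";
		}
		else
			// No such comment. Previously the script ended here with a bare
			// return (no redirect, connection left open); report it as a
			// failed delete so the user still lands back on the park page.
			$status .= "&delrec=failed";
	}
	
	
	// Redirect. The park id is going into a URL, so it is URL-encoded here
	// rather than relying on the SQL escaping applied above.
	header("Location: parkdetails.php?id=" . rawurlencode($park_id) . $status);
	
	mysql_close($connection); // Close connection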
